| Attribute | Details |
|---|---|
| Threat Actors | China-backed APT groups, specifically Earth Baxia, Earth Baku (APT41, Brass Typhoon) |
| Campaign Overview | Ongoing cyber-espionage targeting high-profile organizations in Southeast Asia since October 2023 |
| Target Regions | Southeast Asia, Taiwan, APAC region |
| Methodology | Intelligence gathering, remote access tools, DLL sideloading, open-source tools, persistence tactics |
| Product Targeted | Government ministries, air traffic control, telecom companies, media outlet |
| Malware Reference | Rakshasa, PlugX (Korplug), Stowaway, ReverseSSH, SharpGPOAbuse |
| Tools Used | Remote access tools, password collectors, keyloggers, DLL sideloading tools, Impacket |
| Vulnerabilities Exploited | DLL sideloading, exploitation of Impacket commands via WMI, authentication filters |
| TTPs | Persistence, data exfiltration, stealth access maintenance, password collection |
| Attribution | Linked to Chinese APT groups like Earth Baxia, Earth Baku, Fireant, Budworm |
| Recommendations | SOC Prime solutions, Symantec protection bulletin for threat mitigation, detection automation |
| Source | SOC Prime |
Read full article: https://socprime.com/blog/chinese-apt-cyberespionage-southeast-asia-detection/
The above summary has been generated by an AI language model